[Snort-users] MySQL support for Snort 2.9.4
wkitty42 at ...14940...
Wed Dec 12 11:36:47 EST 2012
On 12/12/2012 09:49, Russ Combs wrote:
> On Wed, Dec 12, 2012 at 9:32 AM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 12/11/2012 17:08, Kaya Saman wrote:
> > Starting Snort does give me a few warnings:
> > Running in IDS mode
> > --== Initializing Snort ==--
> > Initializing Output Plugins!
> > pcap DAQ configured to passive.
> > Acquiring network traffic from "trunk0".
> > Reload thread starting...
> > Reload thread started, thread 0x205d9a600 (18685)
> pretty much ok to here...
> > Decoding Ethernet
> this bothers me... why? because it seems to indicate that only ethernet is being
> sniffed and not tcp/ip...
> FYI - this is just an indication of the outermost layer decoder (the datalink
> type obtained from the DAQ). Snort can handle others, but Ethernet will be the
> most common.
ahhh... ok... i'm so used to seeing "Decoding 'ANY' on interface foo"... there
are literally thousands of those still running out there ;)
More information about the Snort-users